Overview

File _patchinfo of Package patchinfo.18425

<patchinfo incident="18425">
  <issue tracker="bnc" id="1182357">AUDIT-FIND: MozillaFirefox, MozillaThunderbird: packaging helper uses http instead of https</issue>
  <issue tracker="bnc" id="1182614">VUL-0: MozillaFirefox / MozillaThunderbird: update to 86 and 78.8.0esr</issue>
  <issue tracker="cve" id="2021-23969"/>
  <issue tracker="cve" id="2021-23978"/>
  <issue tracker="cve" id="2021-23968"/>
  <issue tracker="cve" id="2021-23973"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

- Mozilla Thunderbird 78.8
  * fixed: Importing an address book from a CSV file always reported an error
  * fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved
  * fixed: Calendar: FileLink UI fixes for Caldav calendars
  * fixed: Recurring tasks were always marked incomplete; unable to use filters
  * fixed: Various UI widgets not working
  * fixed: Dark theme improvements
  * fixed: Extension manager was missing link to addon support web page
  * fixed: Various security fixes
  MFSA 2021-09 (bsc#1182614)
  * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
  * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
  * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
  * CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places